Why a US Court Ordered Pegasus-Maker NSO Group to Pay Meta $167 Million
In a major legal development that could shape the future of digital privacy and cybersecurity, a US court has ordered Israeli spyware firm NSO Group to pay $167 million in damages to Meta, the parent company of WhatsApp. The verdict was delivered on May 6, 2025, marking a significant moment in the six-year-long legal battle between the two tech entities.
The case centers around Pegasus, NSO Group’s controversial spyware that has allegedly been used by governments to spy on activists, journalists, and political opponents. The jury ruled that NSO Group violated US cybersecurity laws by allowing clients to exploit a zero-click vulnerability in WhatsApp to infiltrate users’ devices without their knowledge.
🕵️♂️ What Is Pegasus Spyware?
Pegasus is a powerful piece of spyware developed by NSO Group, an Israeli cyber-intelligence company. What makes Pegasus dangerous is its stealthy, zero-click attack capability—it can infect a smartphone without the user having to click a link or take any action.
Once installed, Pegasus can:
- Access messages, photos, and emails
- Activate the microphone and camera
- Track location in real time
- Bypass encryption protocols
NSO Group claims it sells Pegasus only to government agencies for national security and criminal investigations, but multiple reports suggest it has been used to target journalists, opposition leaders, and human rights activists worldwide.
💥 The Lawsuit: Meta vs NSO Group
In October 2019, Meta (then Facebook) filed a lawsuit against NSO Group, accusing the company of:
- Exploiting a vulnerability in WhatsApp
- Installing Pegasus on over 1,400 devices
- Violating US cybersecurity laws, including the Computer Fraud and Abuse Act (CFAA)
Meta alleged that NSO’s actions amounted to unauthorized access to its platform and illegal surveillance of its users, many of whom were civilians and non-criminals.
The company emphasized that Pegasus not only compromised individual privacy but also threatened the integrity of its platform.
⚖️ What Did the Court Decide?
After years of legal proceedings, a jury in California reached a verdict in May 2025, siding with Meta. The key decisions include:
- NSO Group was found guilty of violating US cybersecurity laws
- The jury ordered the firm to pay $167 million in damages to Meta
- The verdict followed two days of deliberation
This ruling builds on a December 2024 decision from the district court that established NSO’s direct involvement in the WhatsApp hacking incidents.
Meta’s legal team successfully argued that NSO Group was not entitled to sovereign immunity, which NSO had claimed by stating it worked only with governments.
🔍 Why This Verdict Matters
This case sets a legal precedent with wide-reaching implications. Here’s why it matters:
1. Accountability for Private Cyber Firms
Until now, companies like NSO operated in a legal gray zone. This ruling shows that private companies are not above the law, especially when they abuse digital platforms.
2. Strengthening Platform Defenses
Tech companies like Meta now have legal ground to pursue justice against hackers and firms that exploit their infrastructure.
3. Push for Stronger Cybersecurity Laws
The case reinforces the need for strong global cyber regulations to hold surveillance tech providers accountable.
4. International Diplomacy
NSO’s operations have drawn criticism from the United Nations and international rights organizations. The US ruling might pressure other countries to crack down on digital surveillance abuse.
📱 How Pegasus Was Used on WhatsApp
One of the most alarming parts of the case was how Pegasus infiltrated phones via WhatsApp using a “zero-click exploit.”
Here’s what happened:
- NSO clients sent malicious data packets via WhatsApp video calls
- The exploit worked even if the user didn’t answer the call
- Once infected, the attacker had full control of the phone
This sophisticated method allowed governments to conduct surveillance without alerting the target.
Meta detected the breach in May 2019, patched the vulnerability, and began notifying affected users and regulators, leading to the eventual lawsuit.
🌍 Global Reactions
The US court’s decision was met with applause by privacy advocates, tech leaders, and cybersecurity experts.
- Meta’s CEO Mark Zuckerberg praised the ruling as a win for user safety.
- Human Rights Watch called the decision a “milestone in the fight against surveillance abuse.”
- The NSO Group, however, expressed disappointment and hinted it may appeal the verdict.
Meanwhile, governments known to have purchased Pegasus—including Mexico, India, Hungary, and Saudi Arabia—have faced renewed scrutiny.
📉 What’s Next for NSO Group?
The verdict could severely impact NSO Group’s future:
- $167 million is a major financial blow for the company
- NSO may face more lawsuits from other platforms or individuals
- Regulatory bodies could ban or restrict Pegasus worldwide
In fact, the US government had already blacklisted NSO Group in 2021, barring it from doing business with American firms. This court decision strengthens that stance.
🔐 Lessons for Users and Tech Companies
This case highlights the importance of strong cybersecurity measures, not just for companies but also for individuals.
For users:
- Keep apps updated regularly
- Be cautious about unknown calls or messages
- Use end-to-end encrypted apps and security tools
For tech companies:
- Monitor platforms for unusual activity
- Invest in threat detection systems
- Take legal action against bad actors to defend user rights
The $167 million judgment against NSO Group is more than just a financial penalty—it’s a bold statement that abuse of digital surveillance tools will not be tolerated, especially when innocent users are put at risk.
Meta’s victory in court sends a clear message: platform security, user privacy, and corporate accountability are non-negotiable in today’s digital world.
Click here to subscribe to our newsletters and get the latest updates directly to your inbox.